On Thursday, September 9, 2004, 7:08:17 AM, Leonardo Helman wrote:
Hi, Should I send this to spamassasin list?
I've done some tests on mailscanner-spamcopuri-spamassasin, and the beast marks messages with spam uri correctly, but I couldn't make it report anything on: (I'm checking for 127.0.0.2) test.surbl.org (It consults only on surbl.org not on test.surbl.org)
That's because it only checks the registered domain and not its subdomains?
So if someone send me a mail with a http://spam.not-listed-as-spammer.com in it, it will not hit any surbl.
Is this correct?
host -t any test.surbl.org.multi.surbl.org reports: test.surbl.org.multi.surbl.org. text "multi.surbl.org permanent test point" test.surbl.org.multi.surbl.org. has address 127.0.0.2
As others have mentioned, programs using SURBL data try to reduce it to the registrar domain before checking it against SURBLS:
http://www.surbl.org/implementation.html
- Extract base (registrar) domains from those URIs. This
includes removing any and all leading host names, subdomains, www., randomized subdomains, etc. In order to determine the base domain it may be necessary to use a table of country code TLDs (ccTLDs) such as this partially-imcomplete one SURBL uses. For example, any domain found in the two level ccTLD list should have a three-level domain name extracted (like foo.co.uk) for matching against a SURBL. Domains not in the ccTLD list should have two levels checked (such as foo.com).
Therefore a two level domain or numeric IP address can be used for testing:
http://www.surbl.org/faq.html#test-uris
What URIs should a SURBL test message have?
SURBL test URLs are:
http://surbl-org-permanent-test-point-MUNGED.com/
or:
without the "-MUNGED"s. So if you send yourself a message with any of those unmunged testpoints as URIs, the messages should match any SURBLs you have installed. (The name of the list, in the earlier examples sc.surbl.org, is only added to DNS queries on the RBL.)
The testpoints are described at:
http://www.surbl.org/faq.html#testpoints
Jeff C.